Name of the Vulnerable Software and Affected Versions hulp versions (affected versions not specified)

Description The issue concerns malicious code embedded in the hulp package as a preinstall script. Upon installation, the package establishes communication with a Command and Control server, allowing the execution of arbitrary commands. This indicates a significant security risk, as affected computers may be considered fully compromised.

Recommendations Remove the hulp package, however, be aware that this action may not eliminate all malicious software resulting from its installation, as full control of the computer may have been relinquished to an external entity. Rotate all secrets and keys stored on the compromised computer immediately, using a different computer to perform this task.